You have a Microsoft 365 E5 subscription. The subscription contains 25 computers that run Windows 11 and are enrolled in Microsoft Intune.
You need to onboard the devices to Microsoft Defender for Endpoint.
What should you create in the Microsoft Intune admin center?
To onboard devices to Microsoft Defender for Endpoint using Microsoft Intune, you should create an endpoint detection and response (EDR) policy. This policy is specifically designed to configure and manage endpoint detection and response capabilities, including onboarding devices to Microsoft Defender for Endpoint. The EDR policy is tailored for this purpose, ensuring that devices are properly integrated into the defender ecosystem for comprehensive threat monitoring and response.
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/onboard-configure?view=o365-worldwide
Direct link: https://learn.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configure#onboard-windows-devices
To onboard devices to Microsoft Defender for Endpoint using Microsoft Intune, you should create an endpoint detection and response (EDR) policy. This policy is specifically designed to configure and manage endpoint detection and response capabilities, including onboarding devices to Microsoft Defender for Endpoint. Therefore, the correct answer is: C. an endpoint detection and response (EDR) policy
It should be E
To onboard the Windows 11 computers to Microsoft Defender for Endpoint using Microsoft Intune, you should create an Antivirus policy. This policy helps manage the antivirus protection settings on the devices, which includes configuring Microsoft Defender Antivirus settings. This is essential for ensuring that the devices are protected and that Defender for Endpoint can monitor and respond to threats effectively.
C is correct. When you configure Defender for Endpoint, it will also create a default policy to onboard Windows devices in Defender for Endpoit. This currently only works for Windows. For MacOS it's a different story.
C is correct When you integrate Microsoft Defender for Endpoint with Intune, you can use endpoint security policies for endpoint detection and response (EDR) to manage the EDR settings and onboard devices to Microsoft Defender for Endpoint. https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-edr-policy
E - While creating an Endpoint Detection and Response (EDR) policy in Microsoft Defender for Endpoint is essential for advanced threat detection and response capabilities, the initial onboarding process specifically involves creating an antivirus policy for managing settings related to Microsoft Defender Antivirus. The antivirus policy helps ensure that antivirus protection is configured correctly on enrolled devices. It includes settings related to real-time protection, cloud-delivered protection, automatic sample submission, and more.
C - Would also work because it is required to create an EDR. Creating an Antrivirus policy and an EDR are both required steps according to this. Scroll through the steps and see: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/onboarding-endpoint-manager?view=o365-worldwide
Checked this again and can confirm it's C that's correct. When you integrate Microsoft Defender for Endpoint with Intune, you can use endpoint security policies for endpoint detection and response (EDR) to manage the EDR settings and onboard devices to Microsoft Defender for Endpoint. https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-edr-policy
The answers do not match the question, the question says: You need to onboard the devices to Microsoft Defender for Endpoint. First you need to turn Onboarding under settings under Microsoft Defender for Endpoint, plus download the package scripts to run on devices, or under Advanced Features, turn on the Intune Connector AND turn on the Defender for Endpoint Connection in Endpoint Manager (2x ways). From the question the computers are not onboarded yet. Then you configure the various ASR, EDR etc.... I guess if I get this on the exam 1:1 I will answer as per the answers here
ChatGPT tells E is the correct answer
Correct
Option: E
In many cases, organizations will have existing endpoint security products in place. The bare minimum being an antivirus solution, but in some cases, an organization might have existing endpoint detection and response solution. Note "bare minimum".
Correct